Saturday, September 12, 2015

Privacy, Security & Consent - an unholy trinity we need to address

So, you have credit cards, maybe a mortgage or auto loan, health insurance, auto insurance, and more.  You are probably using Facebook or some other social networks,  You also have a desktop, a tablet and/or a smartphone.  Maybe other devices like a fitbit.  Do you know who knows what about you?  Does the avalanche of privacy statements from all of the institutions that have your data make sense?  Does it make you feel that your privacy is being protected?  If you actually feel comfortable in the current situation, this blog is not for you.

Last fall I attended a conference that was focused on different aspects of privacy and security.  One of the speakers claimed that a presentation by IBM a few years early stated that every year approximately 2.5 quintillion bytes of data was created.  That is 2.5 followed by 18 zeros and this number is growing very quickly.  I am looking for the actual source of those numbers, but I'm sure they are a good approximation.  These numbers are way too big for a human to understand, but nonetheless, we are confronted by these numbers in our daily lives.  This is because we have this global network, the internet, that links all of this data together in myriad ways and makes enormous amounts of it available to us and the institutions of which we are members (voluntarily or not).

Managing this data is hard to conceptualize.  Ensuring that the data that each of us considers private remains private -- that is, only accessible to people or institutions which we approve -- seems to be impossible.  Yet that is what is needed if the public is ever to be comfortable with sharing data.  And healthcare and human services will remain stuck in the incredible inefficiencies of the 20th century data infrastructure with a disbelieving public if this doesn't change.

Currently, the feds (primarily SAMHSA Substance Abuse and Mental Health Services Agency), have proposed giving the public a way to control a small subset of healthcare data.  A method that has not caught on to be polite.  The scheme (primarily to protect substance abuse and mental health data, but there is a desire to expanded to all healthcare data) allows the patient to determine which data he or she may allow a physician to share.  This is called segmentation.  This is a very bad idea for many reasons:

  1. So far, this only applies to particular forms of the electronic medical record, namely the C32 and CCDA.  Not all commercial medical record vendors support either standard, and those that do in general only support a subset of these standards.
  2. The majority of clinical data sharing takes place with messages that conform to the HL7 or Direct, neither standard supports segmentation nor does it look like they ever will.
  3. "Clinical Swiss Cheese" (thanks to Mark Chudzinski for coining this term).  That is, with segmentation, a physician may never know if all of the relevant data they need to serve a patient is available to them.  This provides a strong disincentive for a physician to participate in data sharing since inconsistent access to data raises large liability concerns let alone the concern of helping to heal a patient.
  4. Hidden conditions may be deduced because of other data that has been shared.  For example (this has been cooked up to make it simple), let's say you have a heart condition that you don't want anyone including say an othopedic surgeon to know about.  But the surgeon needs to know the meds you are on and sees you are taking aspirin once a day.  That would be enough to make it clear you have a heart condition.
  5. Patients may not feel comfortable deciding what data to share or even if they do, they may not make choices that are wise.
  6. Physicians are already functioning under the Health Information Privacy and Portability Act (HIPPA) which makes it illegal for a physician to share data outside of the needs of treatment, payment or operations (TPO).  Allowing a patient to decide what information a physician can or can't see would appear to tell the public that you can't trust your physician with your data.  I fail to see how this can help improve our healthcare system.
So, if segmentation is a bad idea, what is a good idea?  How do we allow our data to be shared for our benefit without losing our privacy?  Great questions, see the next post for an answer.


sandeep saxena said...

The way of describing about Technology is fine.Im really happy to read this.please share more like this.
clinical sas training in chennai
clinical sas Training in Adyar
clinical sas Training in Velachery
clinical sas Training in Tambaram
SAS Training in Chennai
SAS Course in Chennai
SAS Training Institute in Chennai
QTP Training in Chennai

sandeep saxena said...

The way of describing about Technology is fine.Im really happy to read this.please share more like this type of article.
Html5 Training in Chennai
Html5 Training Institute in Chennai
html5 course fees
DOT NET Training in Chennai
DOT NET Training Institutes in Chennai
C C++ Training in Chennai
LoadRunner Training in Chennai
Html5 Training in Chennai

cynthiawilliams said...

Thanks for posting this info, I found it very interesting and informative.
RPA Training in Chennai
Robotics Process Automation Training in Chennai
Blue Prism Training in Chennai
UiPath Training in Chennai
Data Science Course in Chennai
RPA Training in Anna Nagar
RPA Training in Chennai
RPA course in Chennai

kiruthika said...

Very nice blog, Thank you for providing good information.
Aviation Academy in Chennai
Air hostess training in Chennai
Airport management courses in Chennai
Ground staff training in Chennai
aviation institute in Chennai
cabin crew training in Chennai
diploma in airport management course in Chennai
airport ground staff training courses in Chennai

Kerrthika K said...

Iam really enjoy to read your blog! it's very informative article..
Japanese Classes in Chennai
learn Japanese in Chennai
German Language Course in Chennai
Japanese Course in Chennai
IELTS Training in Chennai
TOEFL Training in Chennai
pearson vue
Japanese Classes in Porur
Japanese Classes in vadapalani
Japanese Classes in Thiruvanmiyur

Arjundevan said...

awesome article,the content has very informative ideas, waiting for the next update...
SAS Training in Chennai
SAS Training Center in Chennai
SAS Analytics Training in Chennai
SAS Training in Anna Nagar
SAS Training in Tnagar
clinical sas training in chennai
Mobile Testing Training in Chennai
QTP Training in Chennai
Hibernate Training in Chennai
DOT NET Training in Chennai

rinjuesther said...

valuable blog,Informative content...thanks for sharing, Waiting for the next update...
clinical sas training in chennai
clinical sas course
clinical sas Training in Porur
clinical sas Training in Velachery
clinical sas Training in Tambaram
SAS Training in Chennai
Spring Training in Chennai
LoadRunner Training in Chennai
QTP Training in Chennai
javascript training in chennai

pavithra dass said...

Pretty blog, so many ideas in a single site, thanks for the informative article, keep updating more article.
Java Classes in Chennai
Java Classes in Chennai
Java Institutes in Bangalore
Best Java Training in Coimbatore
Best Java Training Institute in Madurai
Java Course in Madurai
Java Training in Madurai

Techdatasolutionsblog said...

Very Good Information...

SAS Training in Pune

Thank You Very Much For Sharing These Nice Tips..

telkahost said...

شرکت تلکا هاست پیشرو در میزبانی انواع وب سایت و هم چنین دارای انواع هاست فوق ارزان با کنترل پنل سی پنل میباشد.حتما از سایت ما دیدن کنید و از قیمت های مناسب برای انواع سرویس های وب و ثبت انواع دامنه شگفت زده شوید.

Jayalakshmi said...

Thanks a lot for sharing such a good source with all, i appreciate your efforts taken for the same. I found this worth sharing and must share this with all.

Dot Net Training in Chennai | Dot Net Training in anna nagar | Dot Net Training in omr | Dot Net Training in porur | Dot Net Training in tambaram | Dot Net Training in velachery

Techi Top said...

thanks for sharing this information.
jio rockers telugu
extratorrents proxy